package ybt.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import ybt.service.SysUserService;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
	@Autowired
	private SysUserService sysUserService;
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(sysUserService).passwordEncoder(new BCryptPasswordEncoder());
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable();
		http.headers().frameOptions().disable();    //解决iframe与安全器兼容性问题
		http.formLogin()
			.loginPage("/login")
			.permitAll()
			.usernameParameter("username")
			.passwordParameter("pwd")
			.successForwardUrl("/main2")
			.failureUrl("/login?error");
		http.logout().logoutUrl("/logout").permitAll();
		http.authorizeRequests().antMatchers("/static/**","/webjars/**").permitAll();
		http.authorizeRequests().antMatchers("/course/**","/banji/**","/dept/**","/main/**").permitAll();
		http.authorizeRequests().anyRequest().authenticated();    //除此之外的都必须通过请求验证才能访问
		
	}


}
